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METHOD AND APPARATUS FOR TRANSPARENTLY 
PROCESSING DNS TRAFFIC 

R A OI TND OF THF. INVENTION 
1. PTFT .D OF THF . INVENTION 

This invention relates to the field of computer software, and, more 
specifically, to caching DNS information. 

Portions of the disclosure of this patent document contain material 
that is subject to copyright protection. The copyright owner has no objection 
to the facsimile reproduction by anyone of the patent document or the patent 
disclosure as it appears in the Patent and Trademark Office file or records, but 
otherwise reserves all copyright rights whatsoever. Sun, Sun Microsystems, 
the Sun logo, Solaris, Java, JavaOS, JavaStation, Hotjava Views and all Java- 
based trademarks and logos are trademarks or registered trademarks of Sun 
Microsystems, Inc. in the United States and other countries. 

2. RAr^r,ROIIND ART 

In a computer network environment and the internet, computers on 
the network (clients or servers) are assigned unique identifiers that may be 
mapped to a textual name referred to as a domain name. Computer users 
often only have knowledge of the domain name and not the unique 
identifier. To communicate with a computer on the network, the unique 
identifier of the computer you are contacting must be ascertained. To 
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ascertain the unique identifier, network routers forward the identifier request 
to other routers until a domain name server that maintains the desired 
information is located. Existing schemes can waste time forwarding the 
identifier request from one router to another router resulting in an increase 
of traffic on the network and slowing down the time it takes to access and 
retrieve any information on the internet. These problems can be understood 
by reviewing networks, internets, and how they work. 

Networks 



10 



mul 



In modern computing environments, it is commonplace to employ 
xltiple computers or workstations linked together in a network to 
communicate between, and share data with, network users. A network also 
may include resources, such as printers, modems, file servers, etc., and may 
15 also include services, such as electronic mail. 

A network can be a small system that is physically connected by cables 
(a local area network or "LAN"), or several separate networks can be 
connected together to form a larger network (a wide area network or 
20 "WAN"). Other types of networks include the internet, tel-com networks, 
the World Wide Web, intranets, extranets, wireless networks, and other 
networks over which electronic, digital, and/or analog data may be 
communicated. 

25 Computer systems sometimes rely on a server computer system to 

provide information to requesting computers on a network. When there are 
a large number of requesting computers, it may be necessary to have more 
than one server computer system to handle the requests. In prior art systems, 
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there is a problem in efficiently directing requests to the correct server in a 
multiple server system. 

One area where this has been a problem is on the internet. The 
5 problem can be better understood by reviewing the structure and operation of 
the internet below. 



Thp Internet 

10 

The Internet is a worldwide network of interconnected computers. An 
Internet client accesses a computer on the network via an Internet provider. 
An Internet provider is an organization that provides a client (e.g., an 
individual or other organization) with access to the Internet (via analog 
15 telephone line or Integrated Services Digital Network line, for example). A 
client can, for example, read information from, download a file from or send 
an electronic mail message to another computer /client using the Internet. 

To retrieve a file or service on the Internet, a client must search for the 
20 file or service, make a connection to the computer on which the file or 
service is stored, and download the file or service. Each of these steps may 
involve a separate application and access to multiple, dissimilar computer 
systems. The World Wide Web (WWW) was developed to provide a 
simpler, more uniform means for accessing information on the Internet. 



25 



The components of the WWW include browser software, network 
links, servers, and WWW protocols. The browser software, or browser, is a 
-friendly interface (i.e., front-end) that simplifies access to the Internet. A 



user 
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browser allows a cUent to communicate a request without having to learn a 
complicated command syntax, for example. A browser typically provides a 
graphical user interface (GUI) for displaying information and receiving input. 
Examples of browsers currently available include Mosaic, Netscape Navigator 
5 and Communicator, Microsoft Internet Explorer, and Cello. 

Information servers maintain the information on the WWW and are 
capable of processing a client request. Hypertext Transport Protocol (HTTP) is 
the standard protocol for communication with an information server on the 
10 WWW. HTTP has communication methods that allow clients to request 
data from a server and send information to the server. 

To submit a request, the client contacts the HTTP server and transmits 
the request to the HTTP server. The request contains the communication 
15 method requested for the transaction (e.g., GET an object from the server or 
POST data to an object on the server). The HTTP server responds to the client 
by sending a status of the request and the requested information. The 
connection is then terminated between the client and the HTTP server. 



20 A client request therefore, consists of establishing a connection 

between the client and the HTTP server, performing the request, and 
terminating the connection. The HTTP server does not retain any 
information about the request after the connection has been terminated. 
HTTP is, therefore, a stateless protocol. That is, a client can make several 

25 requests of an HTTP server, but each individual request is treated 

independent of any other request. The server has no recollection of any 
previous request. 
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An addressing scheme is employed to identify Internet resources (e.g., 
HTTP server, file or program). This addressing scheme is called Uniform 
Resource Locator (URL). A URL contains the protocol to use when accessing 
the server (e.g., HTTP), the Internet domain name of the site on which the 
5 server is running, the port number of the server, and the location of the 
resource in the file structure of the server. 

The WWW uses a concept known as hypertext. Hypertext provides 
the abUity to create links within a document to move directly to other 

10 information. To activate the link, it is only necessary to click on the hypertext 
link (e.g., a word or phrase). The hypertext link can be to information stored 
on a different site than the one that supplied the current information. A 
URL is associated with the link to identify the location of the additional 
information. When the link is activated, the client's browser uses the link to 

15 access the data at the site specified in the URL. 

If the client request is for a file, the HTTP server locates the file and 
sends it to the client. An HTTP server also has the ability to delegate work to 
gateway programs. The Common Gateway Interface (CGI) specification 

20 defines a mechanism by which HTTP servers communicate with gateway 
programs. A gateway program is referenced using a URL. The HTTP server 
activates the program specified in the URL and uses CGI mechanisms to pass 
program data sent by the client to the gateway program. Data is passed from 
the server to the gateway program via command-line arguments, standard 

25 input, or environment variables. The gateway program processes the data 
and returns its response to the server using CGI (via standard input, for 
example). The server forwards the data to the client using the HTTP. 



WO 00/14938 



6 



PCT/US99/20158 



A browser displays information .o a client/user as pages or documents 
(referred «o as "web pages" or "web sites",. A .anguage is used to define the 
forma, for a page ,0 be displayed in the WWW. The .anguage is c*d 
Hypertext Markup Unguage (HTML). A WWW page is rransnutted to a 
5 jit as an HTML document. The browser executing a, the chant parses the 
document and displays a page based on the information in the HTML 
document. 

HTML is a structura! ianguage that is comprised of HTML elements 
10 that are nested within each other. An HTML document is a tex, file in wHch 
certain strings of characters, caUed tags, mar, regions of the document and 
^ special meaning to them. These regions are called HTML elements. 
Ea che,lnt has a name, or ta, An element can have attributes that spec, 
properties of the element. Blocks or components include unordered 1... text 
15 Ll.cheCboxes.radiobuHons.forexample. Bach block has properhes such 
as name, type, and vaiue. The following provides an example of the 
structure of an HTML document: 
<HTML> 

f^meVKs) valid in the document head 
20 </HEAD> 

^kment(s) valid in the document body 
</BODY> 
s </HTML> 

Each HTML element is delimited by the pair of characters V and V. 
The name of the HTML element is contained within the delimiting 
characters. The combination o, the name and delimiting characters « 
30 referred to as a marker, or tag. Each element is identified by its marker. In 
m os,cases,eache,emen,hasastar,a,dendingmarke, The endrng marker 
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identified by the of an another character. V that fouows the V 



IS 

character, 



HTML is a hierarchical language. With «he exception of .he HTML 
5 element, all other elements are contained within another element. The 

.emen, encompasses the entire — ., identities the en,osed 
« as an HTML document. The HEAD element is contained 
HTML element and indudes information about the HTML document. The 
B0 DY element is contained within the HTML. The BODY eiemen. contams 
10 Letextandother—ntobedisplayed. Other HTML elements 

are described in HTML reference manuals. 



p nra i n Name Server 

A computer user navigates the interne, or web from a browser on a 
computer system. To access a web site, the user enters the host name (or 
donlname.0, the web site into the browser. This 
clicKng on a Unx, by acnvanng a too! bar button, or by manua Hy enterm 
, nameladdressintoalocanonfieldandpressmg W. - names *a, a 

example. The name that is entered is no, the actual Internet Protocol IT, 
ad drL o, me in,ended web serve, The aCual !P address is a string of 

25 A worldwide distributed database system, called the "Domain Name Sys*m 
(DNS)" provides the mapping between server names and the associated IP 

addresses. 
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Each client (or host) is configured with, or otherwise learns about, a 
name server that is willing to answer its queries (for mapping a domain 
name to an IP address, or vice versa). Such a name server is referred to as the 
"local name server" for that host. Client application software, such as a web 
5 browser, aiso use a local library, called the "DNS resolver" to obtain the 
translation from server name to IP address. The resolver in tarn contacts a 
predetermined iocal DNS name server to obtain the translation. DNS name 
servers can maintain caches of previously resolved names. More specifically, 
name resolution processes typically require two hosts on the client s,de. 
10 Consider a user working on "asha.eng.sun.com" that wants ,0 get the address 
C "whitehouse.gov". The client browser will talk with a local resolver (a 
horary attached to the browser process itself, in the current example runnmg 
on asha.eng.sun.com). The local resolver will go to one of a relatively smali 
number of local name servers, eg. "ns.sun.com". Here ns.sun.com is calied 
15 the client side name server. The client side name server will con—re 
with the outside world to determine the IP address of whi.ehouse.gov, and 
toward this information to the resolver that is part of the browser process. 

DNS is a global network of servers that translate host names into 
20 numerical addresses (known as Internet Protocol, or IP addresses) and 
provides IP address to name mapping as well. A DNS server consists of a 
na.ne server and a resolver. The name server provides responses to resolver 
requests when it can by supplying the correct address for the host name 
supplied by the resolver. Referring to Figure !, a. step 100, *e user enters the 
M domain name into the browser. At step 102, the browser requests the DNS 
Resolver to transiate the domain name into the IP address. At step, 104, me 
resolver searches its cache to see if it already has a va!id (unexpired) mapping 
available. If the cache has a valid mapping, it returns the IP address to the 
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browser at step 116. If the mapping is not in cache, the resolver forwards the 
request to the local name server at step 106. 

All name servers know about at least one other name server that 
5 provides the DNS service for the root (.) domain. Thus, at step 108, the local 
name server contacts the name server for the any known domain. For 
example, if the host name is "www.java.sun.com", and the local name server 
does not know the address for the name server "java.sun.com", it will check 
to see if it knows the next level domain, i.e., the address for "sxm.com". If the 
10 local name server does not know the address for "sun.com", it will check to 
see if it knows the address of next level domain, i.e., ".com". If the local 
name server does not know the address for ".com", it will contact the root 
name server ".". At step 110, the local name server will obtain the address for 
the complete domain from the name server contacted (if that name server 
15 knows the address). Otherwise, at step 110, the local name server will obtain 
the address for the next level of the domain from the contacted name server. 
For example, if the local name server contacted the name server for ".com" 
and that name server does not know the full address, the ".com" name server 
will return the domain address for "sun.com". Steps 108 and 110 are then 
20 repeated until the complete domain address is obtained. Continuing with the 
above example, the local name server would contact the "java.com" name 
server and obtain the address for "java.sun.com". The local name server 
would then contact the name server for "java.sun.com" and obtain the 
address for "www.java.sun.com". When a request is made to a name server, 
25 there are often many network routers ("routers") that forward the request 
from one location to another until it reaches the desired name server. 
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Once an intermediate or complete IP address is obtained, the address is 
saved in cache so that a future request may be serviced entirely from local 
cache at step 114. Thus, if a request for an alternative domain is received (e.g., 
a request for "ftp.sun.com"), the local name server can contact the name 
5 server (e.g., "sun.com") directly, without repeating the communication with 
the root domain server or with intermediate name servers (e.g., the ".corn- 
name server). At step, 116, the IP address is returned to the browser. Once 
the IP address is known, the browser communicates with the web server at 
that address to retrieve the requested web page or other information. 

10 

The operation of the DNS network is described in: 
P.V. Mockapetris "Domain names - concepts and facilities", RFC 1034. Nov 
1987. 

P.V. Mockapetris "Domain names - implementation and specification", RFC 
15 1035. Nov 1987. 



PMP F?r f °r Problems 

When DNS information is cached in a local name server, the cached 
20 information is only available to the clients that access that particular local 
name server (e.g., clients of the same internet service provider, or members 
of the same organization). Thus, if two users access different local name 
servers and each user requests the same IP address, both requests will have to 
go up the chain of name servers through the various routers, to obtain the 
25 needed information. 
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For example, if two users in different universities in New Zealand 
were to query the DNS for the IP address of www.sun.com, both of the 
requests would be serviced by the local name server at ns.sun.com in the 
United States without any local caching benefit. Figure 2 provides another 
example of the prior art. Clients Cll 212 and Cl 2 214 are part of the SUN 
network 200 that utilizes local name server DNSi 220. Clients Cl 3 216 and CI4 
218 are part on the NSCP network 204 that utilizes local name server DNS2 
222. If client Cll 212 requests information regarding an IP address on the 
SYDNEY 2000 network 208 in Sydney, Australia, the request is processed at 
the SYDNEY 2000 208 network's local name server ns.syd.au 224. Routers 210 
would forward the request from Cll to the local name servers 220 that 
forwards the request through routers 210 on the internet 206 until it reaches 
the SYDNEY 2000 network 208 and name server 224. The request is then 
transmitted back along the same route through routers 210 until it returns 
back to local name server 220 where it is cached. 

Only clients that access that same local DNS name server benefit from 
the caching information. Thus, in the above example, only Cl 2 benefits from 
the CU request and its resulting cached information. If Cl 4 requests a DNS 
translation for www.syd.au, it does not benefit from the cached information, 
and the information is requested and transmitted all the way to Australia and 
back. Thus, both DNSi and DNS 2 would obtain the relevant information 
from Australia creating traffic on the individual networks 200 204 and 208 
and internet 206. 

Networks may be divided up into layers. For example, one layer may 
provide for the forwarding of information from one location to another, 
referred to as the network layer, and another layer may provide for the 
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parsing and processing of the information passed across the network, referred 
to as the application layer. Name resolution as provided by the domain 
name system (DNS) is an application layer protocol. Network routers 210 are 
only concerned with the network layer protocol and forward the DNS request 
5 to its desired destination. Consequently, routers 210 don't parse or process 
the information that they forward in packets. 



p^iY^rV Tr a f fir deduction 

10 

Prior art methods for reducing network traffic have provided methods 
for caching web pages and HTML information. Two such prior art methods 
are referred to as Active Networks and Transparent Proxies. 



Aft ivp Networks 

Routers are dedicated machines for forwarding and switching traffic as 
quickly as possible. In an Active Network, specific routers are configured to 
process packets of web and other non-DNS information. Specific geographic 
locations are chosen to place the specially configured routers. Consequently, 
the performance of an Active Network is based on the placement strategy of 
the updated routers. 



25 
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Transparent Proxies 

Transparent Proxies are used mostly by large corporations and internet 
service providers for reducing their web traffic. In a typical set-up, the 

5 domain administrator configures the routers so that all of the web requests 
(identified by a port number, e.g., 80) are automatically diverted to a proxy 
server ("transparent proxy"). A proxy server (or proxy) is a server that carries 
out requests transmitted to it (i.e., from a client), keeping copies of fetched 
documents or information for some time so that they can be accessed more 

10 quickly in the future, speeding up access for commonly requested 
information. This storing and retrieval of information and fetched 
documents by the proxy is referred to as caching and the information 
maintained in the proxy is referred to as a cache or proxy cache. If the proxy 
does not have the desired information, the proxy sends a request to the 

15 appropriate web server (which may be processed through several routers) that 
then returns the information to the proxy for caching. When the proxy gets 
the desired information, it provides this information to the requesting client. 

The prior art methods do not provide any method for optimizing DNS 
20 traffic. Approximately 10% of the traffic on the internet is currently 

comprised of DNS traffic. Further, since DNS information does not change 
often (IP addresses often remain the same even when computers on a 
network are moved), the validity of a DNS entry may be much longer than 
that of data transmitted through the web. Consequently, an efficient method 
25 for optimizing and processing DNS traffic is needed. 
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SUMMARY OF THE INVENTION 



A method and apparatus for transparently processing DNS traffic. To 
access information on the internet using a domain name, the internet 
5 protocol (IP) address that maps to the domain name must be determined. 
The domain name system (DNS) is utilized to transmit and process the 
address and domain name information. DNS traffic comprises 
approximately 10% of the internet network traffic. 

10 When a client requests a name server to translate a domain name into 

an IP address, the requests are forwarded from one network router to another 
network router until a name server that maintains the desired information is 
located. The network routers do not examine the information, but merely 
forward the information along the pathway to the destination name server. 

15 

One or more embodiments of the invention provide for updated 
routers that recognize when the information consists of DNS traffic, parses 
the information, caches the address information (if any), and then continues 
to forward the desired information back to the name server. Consequently, 

20 when another request for similar address information is forwarded to a 
router, the router can provide the response to the requestor instead of 
forwarding the request to a distant name server. In this manner, routers 
intercept DNS traffic and cache DNS information, allowing clients that utilize 
different name servers to benefit from the cached information. Such updated 

25 routers reduce the latency in DNS responses and reduce network traffic. 
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BRIEF DESCRIPTION OF THE DRAWINGS 

Figure 1 illustrates a prior art method for processing DNS information. 

Figure 2 demonstrates the relationship between several networks. 

Figure 3 is a block diagram of one embodiment of a computer system 
capable of providing a suitable execution environment for one or more 
embodiments of the invention. 

Figure 4 demonstrates the relationship between several networks and 
the path of DNS traffic according to one or more embodiments of the 
invention. 

Figure 5 illustrates the steps executed by an updated router according to 
one or more embodiments of the invention. 
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DETAILED DESCRIPTION OF THE INVENTION 

The invention is a method and apparatus for transparently caching 
DNS traffic. In the following description, numerous specific details are set 
5 forth to provide a more thorough description of embodiments of the 
invention. It is apparent, however, to one skilled in the art, that the 
invention may be practiced without these specific details. In other instances, 
well known features have not been described in detail so as not to obscure the 
invention. 

10 

F m V»nHiTnPnt of Computer Exec ution Environment (Hardware) 

An embodiment of the invention can be implemented as computer 
software in the form of computer readable code executed on a general 

15 purpose computer such as computer 300 illustrated in Figure 3, or in the form 
of bytecode class files running on such a computer. A keyboard 310 and 
mouse 311 are coupled to a bi-directional system bus 318. The keyboard and 
mouse are for introducing user input to the computer system and 
communicating that user input to processor 313. Other suitable input devices 

20 may be used in addition to, or in place of, the mouse 311 and keyboard 310. 
I/O (input/output) unit 319 coupled to bi-directional system bus 318 
represents such I/O elements as a printer, A/V (audio/video) I/O, etc. 

Computer 300 includes a video memory 314, main memory 315 and 
25 mass storage 312, all coupled to bi-directional system bus 318 along with 
keyboard 310, mouse 311 and processor 313. The mass storage 312 may 
include both fixed and removable media, such as magnetic, optical or 
magnetic optical storage systems or any other available mass storage 
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technology. Bus 318 may contain, for example, thirty-two address lines for 
addressing video memory 314 or main memory 315. The system bus 318 also 
includes, for example, a 32-bit data bus for transferring data between and 
among the components, such as processor 313, main memory 315, video 
5 memory 314 and mass storage 312. Alternatively, multiplex data/address 
lines may be used instead of separate data and address lines. 



In one embodiment of the invention, the processor 313 is a 
microprocessor manufactured by Motorola, such as the 680X0 processor or a 

10 microprocessor manufactured by Intel, such as the 80X86, or Pentium 
processor, or a SPARC microprocessor from Sun Microsystems, Inc. 
However, any other suitable microprocessor or microcomputer may be 
utilized. Main memory 315 is comprised of dynamic random access memory 
(DRAM). Video memory 314 is a dual-ported video random access memory. 

15 One port of the video memory 314 is coupled to video amplifier 316. The 
video amplifier 316 is used to drive the cathode ray tube (CRT) raster monitor 
317. Video amplifier 316 is well known in the art and may be implemented 
by any suitable apparatus. This circuitry converts pixel data stored in video 
memory 314 to a raster signal suitable for use by monitor 317. Monitor 317 is 

20 a type of monitor suitable for displaying graphic images. 

Computer 300 may also include a communication interface 320 
coupled to bus 318. Communication interface 320 provides a two-way data 
communication coupling via a network link 321 to a local network 322. For 
25 example, if communication interface 320 is an integrated services digital 
network (ISDN) card or a modem, communication interface 320 provides a 
data communication connection to the corresponding type of telephone line, 
which comprises part of network link 321. If communication interface 320 is 
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a local area network (LAN) card, communication interface 320 provides a data 
communication connection via network link 321 to a compatible LAN. 
Wireless links are also possible. In any such implementation, 
communication interface 320 sends and receives electrical, electromagnetic or 
5 optical signals which carry digital data streams representing various types of 
information. 

Network link 321 typically provides data communication through one 
or more networks to other data devices. For example, network link 321 may 

10 provide a connection through local network 322 to local server computer 323 
or to data equipment operated by an Internet Service Provider (ISP) 324. ISP 
324 in turn provides data communication services through the world wide 
packet data communication network now commonly referred to as the 
"Internet" 325. Local network 322 and Internet 325 both use electrical, 

15 electromagnetic or optical signals which carry digital data streams. The 
signals through the various networks and the signals on network link 321 
and through communication interface 320, which carry the digital data to and 
from computer 300, are exemplary forms of carrier waves transporting the 
information. 

20 

Computer 300 can send messages and receive data, including program 
code, through the network(s), network link 321, and communication 
interface 320. In the Internet example, remote server computer 326 might 
transmit a requested code for an application program through Internet 325, 
25 ISP 324, local network 322 and communication interface 320. 



The received code may be executed by processor 313 as it is received, 
and/or stored in mass storage 312, or other non-volatile storage for later 
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execution. In this manner, computer 300 may obtain application code in the 
form of a carrier wave. 

Application code may be embodied in any form of computer program 
product. A computer program product comprises a medium configured to 
store or transport computer readable code, or in which computer readable 
code may be embedded. Some examples of computer program products are 
CD-ROM disks, ROM cards, floppy disks, magnetic tapes, computer hard 
drives, servers on a network, and carrier waves. 

The computer systems described above are for purposes of example 
only. An embodiment of the invention may be implemented in any type of 
computer system or programming or processing environment. 



Embodiment of Software A p paratus for Transparently Caching PNS Traffic 

One or more embodiments of the invention may be described by 
examining the layered model of networking and the peer relationships 
between the different layers. At the network layer, a peer relationship exists 
between each router that is connected by some type of wire. At the higher 
application layer, DNS entities (e.g., DNS resolvers and the local name 
servers) have a peer relationship with multiple hops in between (e.g., the 
routers). The routers at the network layer (the hops of the network layer) do 
not examine the information from application layer protocols. The routers 
merely transparently transfer the information between DNS clients and DNS 
servers. 
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In one or more embodiments of the invention, the layering model of 
networks is violated. DNS traffic is communicated from one machine to 
another machine through the use of name service ports. DNS traffic 
commonly arrives from and is transmitted to a specific DNS port (e.g., port 
5 53). Consequently, based on the port information that is present in all IP 
packets, the routers have the ability to identify when DNS traffic is being 
transmitted versus when web or other traffic is being transmitted. 



When an intermediate router (or hop in the network protocol layer) 
10 identifies that DNS information is in the packet it is transmitting across the 
internet, the routers violate the layering model and examine the information 
in the packet as if the router were a member of the application protocol. The 
information is then parsed and cached. Thus, the routers snoop on the DNS 
replies from a name-server and cache the intercepted replies. The routers 
15 also intercept DNS requests, and determine if the request can be served from 
the cache. If the cache contains the requested information, the router 
provides the response to the DNS query. If the cache does not contain the 
requested information, the router forwards the request to the next router or 
hop along the path to the name server. 

20 

Referring to the prior art system of Figure 1, at step 106, the resolver 
forwards the request to the local name server, and at step 108, the name 
server of the lowest level domain name is contacted. In one or more 
embodiments of the invention, the forwarding step 106 and the contacting 
25 step 108 are processed through routers that may intercept the transmissions. 
The routers examine the packet of information from the intercepted 
transmissions and store any necessary information in cache. Further, when 
the information is obtained from the name server and transmitted back to 
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the local name server at step 110, in one or more embodiments of the 
invention, the routers again intercept the transmission, parse the 
information, and cache the address information as it passes by on its way to 
the local name server. 

5 

Figure 5 demonstrates the process performed by an updated router 
according to one or more embodiments of the invention. The process starts 
at step 500. At step 502, the router examines the port information to 
determine if the current information is DNS traffic or some other type of 
10 traffic (e.g., web traffic). If the information is not DNS traffic, the router 
merely performs as normal and forwards the request to the next hop to its 
destination at step 512. 

If the information is DNS traffic, the router parses the information at 
15 step 504. At step 506, the router determines if the parsed information (e.g., 
the requested address information) is in its cache. If the information is not in 
its cache, the router stores the relevant information (if any) in its cache at step 
510 and forwards the request to the next hop in the information's path at step 
512. If the information is in the routers cache, the router returns the 
20 requested information to the requestor at step 508. In this manner, the 

updated routers maintain their own cache and are capable of processing DNS 
translation requests. 



Alternatively, between step 502 and step 504, if the information is DNS 
25 traffic, the router will automatically forward the DNS information to a 
preconfigured host. Routers are currently configured to recognize types of 
internet traffic and forward specified types of internet traffic to a specific 
location or host. Once the host receives the information, the host executes 
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the remaining steps 504-514. For example, the host parses the information at 
step 504 and searches its own cache for valid information at step 506. If there 
is any information to store in the cache (i.e., the DNS information is being 
returned), the information is stored in the host's cache at step 510. In such an 
5 embodiment, the router classifies and diverts packets to the configured host, 
and the host performs all additional functionality. 



Referring to Figure 4, in one or more embodiments of the invention, 
one or more of the routers 210 may be modified as defined in Figure 4, to 

10 intercept, parse, and cache DNS information. For example, routers 404 and 
406 may be updated. Consequently, when Cll 212 requests a DNS translation 
from ns.syd.au 224, the request is forwarded through route 400 along routers 
210 and updated routers 404 and 406. However, updated router 404 
determines that it is DNS traffic, violates its network layer, and intercepts the 

15 request. Router 404 parses the requested information and determines if it is 
in its cache. If the requested information is in its cache, router 404 returns 
the result back to Cll 212 (along route 400). If the requested information is 
not in its cache, it merely forwards the request to the next hop in pathway 400. 
Router 406, upon determining that the transmission is DNS traffic, intercepts 

20 the request and searches its cache. Upon determining that the relevant 
information is not in its cache, router 406 forwards the request to the next 
hop in pathway 400. The request is forwarded until it reaches the local name 
server ns.syd.au 224. Alternatively, as described above, in one or more 
embodiments, the router forwards the request (if it is DNS traffic) to a 

25 configured host that maintains the cache and processing capabilities. 

The request is processed by ns.syd.au 224 and returned back to Cll 212 
along path 400. When the information reaches router 406 on its way back to 
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Cll 212, router 406 intercepts the request, the router or configured host parses 
the address information, and stores the address information in cache. Router 
406 then forwards the results to the next hop along path 400. Each updated 
router or configured host along path 400 will store the result in its cache. 

5 

Subsequent to the above request, if CI4 requests a similar DNS 
translation, the request would be forwarded along route 402. However, 
router 406 would identify the request as DNS traffic, router 406 intercepts the 
request, router 406 or a configured host parses the request, searches cache, and 
10 returns the requested information back to the previous hop on pathway 402. 
Consequently, the request by CI4 is serviced locally at router 406 or the 
configured host and does not need to.be serviced in Australia at ns.syd.au 224. 

As described above, according to one or more embodiments of the 
15 invention, the updated routers perform additional processing from other 
routers. The processing by the routers as described above and illustrated in 
Figure 5, includes viewing a portion of the DNS traffic, parsing the 
information, maintaining a database for cache storage, and searching cache 
for the information. 

20 

Some DNS name servers return different answers for client requests 
for the same host name. Such a response may be based on load-balancing 
considerations (e.g., the attempt to balance network traffic across multiple 
servers), or it may be chosen to direct the clients to "nearby" hosts. Use of 
25 such schemes may be less effective with the transparent DNS caching 
according to one or more embodiments of the invention. Some schemes 
provide for strategic geographic placement of cacheable data (e.g., routers that 
may cache web traffic) in order to provide the information for the highest 
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number of clients possible. The geographical scheme described in pending 
patent application number 09/081,860 entitled "Method and Apparatus for 
Effective Traffic Localization Through Domain Name System" which is 
hereby incorporated by reference, works well when used to determine which 
network routers are to be updated in accordance with one or more 
embodiments of the invention. In such a geographic scheme, the 
information returned is deliberately provided to be applicable to a large 
number of (if not all) DNS clients, with client-side computation to still 
achieve the load-balancing and traffic localization goals desired. Such a 
scenario reduces the network load as well as the latency observed in DNS 
translations. 

Thus, a method and apparatus for encoding content characteristics for 
the retrieval of information is described in conjunction with one or more 
specific embodiments. The invention is defined by the claims and their full 
scope of equivalents. 
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CLAIMS 

1. A method for transparently processing DNS traffic comprising: 
transmitting a request for information to a network router; 
5 parsing said transmitted request; 

searching cache for said requested information; and 
returning said requested information if said requested information is 
in said cache. 

10 2. The method of claim 1 further comprising: 

forwarding said request to a next hop of said request if said requested 
information is not in said cache; 

receiving said requested information; 
parsing said requested information; 
15 storing said requested information in said cache; and 

forwarding said requested information to a next hop of said requested 
information. 

3. The method of claim 1 wherein said information is internet 
20 protocol address information. 

4. The method of claim 1 wherein said network router is applicable 
to one or more DNS clients based on geographical placement. 



25 5. The method of claim 2 wherein said receiving step comprises 

transmitting said requested information from a name server. 
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6. A system comprising 
a processor; 

a memory coupled to said processor; 

code executed by said processor configured to transparently process 

DNS traffic; 

said code comprising: 

a method transmitting a request for information to a network 

router; 

a method parsing said transmitted request; 
a method searching cache for said requested information; and 
a method returning said requested information if said requested 
information is in said cache. 

7. The system of claim 6 wherein said code further comprises: 

a method forwarding said request to a next hop of said request if said 
requested information is not in said cache; 

a method receiving said requested information; 

a method parsing said requested information; 

a method storing said requested information in said cache; and 

a method forwarding said requested information to a next hop of said 
requested information. 

8. The system of claim 6 wherein said information is internet 
protocol address information. 

9. The system of claim 6 wherein said network router is applicable 
to one or more DNS clients based on geographical placement. 
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10. The system of claim 7 wherein said code for a method receiving 
said requested information comprises a method transmitting said requested 
information from a name server. 

11. A computer program product comprising 

a computer usable medium having computer readable program code 
embodied therein configured to transparently process DNS traffic, said 
computer program product comprising: 

computer readable code configured to cause a computer to transmit a 
request for information to a network router; 

computer readable code configured to cause a computer to parse said 
transmitted request; 

computer readable code configured to cause a computer to search cache 
for said requested information; and 

computer readable code configured to cause a computer to return said 
requested information if said requested information is in said cache. 
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12. The computer program product of claim 11 further comprising: 
computer readable code configured to cause a computer to forward said 

request to a next hop of said request if said requested information is not in 
said cache; 

5 computer readable code configured to cause a computer to receive said 

requested information; 

computer readable code configured to cause a computer to parse said 
requested information; 

computer readable code configured to cause a computer to store said 
10 requested information in said cache; and 

computer readable code configured to cause a computer to forward said 
requested information to a next hop of said requested information. 

13. The computer program product of claim 11 wherein said 
15 information is internet protocol address information. 

14. The computer program product of claim 11 wherein said 
network router is applicable to one or more DNS clients based on 
geographical placement. 

20 

15. The computer program product of claim 12 wherein said 
computer readable code configured to cause a computer to receive comprises 
computer readable code configured to cause a computer to transmit said 
requested information from a name server. 

25 

16. The method of claim 1 wherein said cache is maintained by said 
network router. 
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17. The method of claim 1 wherein said cache is maintained by a 
configured host. 

18. The system of claim 6 wherein said cache is maintained by said 
5 network router. 

19. The system of claim 6 wherein said cache is maintained by a 
configured host. 

10 20. The computer program product of claim 11 wherein said cache is 

maintained by said network router. 



15 



21. The computer program product of claim 11 wherein said cache is 
maintained by a configured host. 
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